Ascension St. Vincent’s Coastal Cardiology
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
In August 2022, Ascension St. Vincent’s Coastal Cardiology in Brunswick, Georgia, experienced a significant healthcare data breach affecting its legacy systems. The incident impacted 71,227 individuals and involved ransomware that encrypted some information. The breach specifically targeted the legacy electronic medical record (EMR) system of the recently acquired Ascension St. Vincent’s Coastal Cardiology, leaving the current networks and systems, including the active EMR, unaffected[1][5].
The compromised legacy system contained a wide range of personal and health information related to visits at Coastal Cardiology prior to October 5, 2021. This included demographic details (name, address, email address, phone number, insurance information), as well as potentially sensitive data such as Social Security numbers (if provided), clinical information, and billing and insurance details[1][3]. Despite the encryption of data by the attackers, Ascension St. Vincent’s Coastal Cardiology has stated that it does not believe any information was removed from the systems or misused[3][6].
In response to the breach, Ascension St. Vincent’s Coastal Cardiology took immediate steps to secure the legacy network and initiated a comprehensive investigation with the assistance of a third-party forensic team. The organization also notified law enforcement and has been cooperating with the law enforcement investigation. To mitigate the risk of identity theft and fraud for affected individuals, the organization offered a complimentary two-year membership in Experian’s IdentityWorks, a service providing identity detection and resolution of identity theft[3][5].
Furthermore, a class action lawsuit has been filed against Coastal Cardiology P.C., alleging failure to adequately protect patient information from a foreseeable cyberattack and criticizing the timeliness of the breach notification to victims. The lawsuit seeks to represent all individuals whose personal information was compromised as a result of the breach[4].
This incident is part of a broader trend of increasing cyberattacks and data breaches within the healthcare sector, highlighting the critical importance of robust cybersecurity measures and prompt incident response strategies to protect sensitive patient information[2].
Citations:
- https://healthitsecurity.com/news/healthcare-data-breach-at-ga-cardiology-practice-impacts-71k
- https://www.hipaajournal.com/october-2022-healthcare-data-breach-report/
- https://www.mass.gov/doc/assigned-data-breach-number-28421-ascension-st-vincents-coastal-cardiology/download
- https://www.classaction.org/news/class-action-claims-ascension-st.-vincents-coastal-cardiology-failed-to-prevent-data-breach-affecting-over-70k-patients
- https://www.jdsupra.com/legalnews/ascension-st-vincent-s-coastal-6277323/
- https://www.scmagazine.com/analysis/ransomware-attack-on-ascension-st-vincents-legacy-emr-spurs-breach-notice
- https://www.beckershospitalreview.com/cybersecurity/ascension-st-vincent-legacy-ehr-system-hit-by-ransomware-attack.html
- https://www.linkedin.com/posts/amir-sternhell-91656a_healthcare-data-breach-at-ga-cardiology-practice-activity-7000470639740362753-Fyzz?trk=public_profile_like_view
- https://www.beckershospitalreview.com/cybersecurity/ascension-st-vincent-legacy-ehr-system-hit-by-ransomware-attack?utm_campaign=bhr&utm_content=related&utm_source=website